Overview
I looked into how to use volatility.
I took a snapshot of winxpsp3.
pslist
Offset(V) Name PID PPID Thds Hnds Sess Wow64 Start Exit
---------- -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0x817c6bd0 System 4 0 41 202 ------ 0
0x815d3550 smss.exe 288 4 3 17 ------ 0 2020-02-11 12:57:18 UTC+0000
0x816f53b8 csrss.exe 388 288 9 259 0 0 2020-02-11 12:57:19 UTC+0000
0x816f57e0 winlogon.exe 412 288 22 466 0 0 2020-02-11 12:57:19 UTC+0000
0x8153e020 services.exe 516 412 21 243 0 0 2020-02-11 12:57:19 UTC+0000
0x81636180 lsass.exe 528 412 26 361 0 0 2020-02-11 12:57:19 UTC+0000
0x81671398 svchost.exe 676 516 7 121 0 0 2020-02-11 12:57:19 UTC+0000
0x815f5da0 svchost.exe 736 516 13 198 0 0 2020-02-11 12:57:20 UTC+0000
0x8162ad78 svchost.exe 800 516 48 676 0 0 2020-02-11 12:57:20 UTC+0000
0x81699838 svchost.exe 844 516 6 72 0 0 2020-02-11 12:57:20 UTC+0000
0x81709b78 svchost.exe 876 516 7 126 0 0 2020-02-11 12:57:20 UTC+0000
0x8164a810 spoolsv.exe 1172 516 6 51 0 0 2020-02-11 12:57:21 UTC+0000
0x81602c70 userinit.exe 1268 412 2 45 0 0 2020-02-11 12:57:21 UTC+0000
0x816f2b70 explorer.exe 1284 1268 14 321 0 0 2020-02-11 12:57:21 UTC+0000
0x81679788 ctfmon.exe 1412 1284 1 71 0 0 2020-02-11 12:57:22 UTC+0000
pstree
Name Pid PPid Thds Hnds Time
-------------------------------------------------- ------ ------ ------ ------ ----
0x817c6bd0:System 4 0 41 202 1970-01-01 00:00:00 UTC+0000
. 0x815d3550:smss.exe 288 4 3 17 2020-02-11 12:57:18 UTC+0000
.. 0x816f53b8:csrss.exe 388 288 9 259 2020-02-11 12:57:19 UTC+0000
.. 0x816f57e0:winlogon.exe 412 288 22 466 2020-02-11 12:57:19 UTC+0000
... 0x81602c70:userinit.exe 1268 412 2 45 2020-02-11 12:57:21 UTC+0000
.... 0x816f2b70:explorer.exe 1284 1268 14 321 2020-02-11 12:57:21 UTC+0000
..... 0x81679788:ctfmon.exe 1412 1284 1 71 2020-02-11 12:57:22 UTC+0000
... 0x8153e020:services.exe 516 412 21 243 2020-02-11 12:57:19 UTC+0000
.... 0x815f5da0:svchost.exe 736 516 13 198 2020-02-11 12:57:20 UTC+0000
.... 0x81709b78:svchost.exe 876 516 7 126 2020-02-11 12:57:20 UTC+0000
.... 0x81699838:svchost.exe 844 516 6 72 2020-02-11 12:57:20 UTC+0000
.... 0x81671398:svchost.exe 676 516 7 121 2020-02-11 12:57:19 UTC+0000
.... 0x8164a810:spoolsv.exe 1172 516 6 51 2020-02-11 12:57:21 UTC+0000
.... 0x8162ad78:svchost.exe 800 516 48 676 2020-02-11 12:57:20 UTC+0000
... 0x81636180:lsass.exe 528 412 26 361 2020-02-11 12:57:19 UTC+0000
psscan
Offset(P) Name PID PPID PDB Time created Time exited
------------------ ---------------- ------ ------ ---------- ------------------------------ ------------------------------
0x000000000193e020 services.exe 516 412 0x07e3e000 2020-02-11 12:57:19 UTC+0000
0x00000000019d3550 smss.exe 288 4 0x06ae5000 2020-02-11 12:57:18 UTC+0000
0x00000000019f5da0 svchost.exe 736 516 0x0895f000 2020-02-11 12:57:20 UTC+0000
0x0000000001a02c70 userinit.exe 1268 412 0x0b258000 2020-02-11 12:57:21 UTC+0000
0x0000000001a2ad78 svchost.exe 800 516 0x08b25000 2020-02-11 12:57:20 UTC+0000
0x0000000001a36180 lsass.exe 528 412 0x07f07000 2020-02-11 12:57:19 UTC+0000
0x0000000001a4a810 spoolsv.exe 1172 516 0x0b019000 2020-02-11 12:57:21 UTC+0000
0x0000000001a71398 svchost.exe 676 516 0x085e9000 2020-02-11 12:57:19 UTC+0000
0x0000000001a79788 ctfmon.exe 1412 1284 0x0c299000 2020-02-11 12:57:22 UTC+0000
0x0000000001a99838 svchost.exe 844 516 0x08c7a000 2020-02-11 12:57:20 UTC+0000
0x0000000001af2b70 explorer.exe 1284 1268 0x0b3c6000 2020-02-11 12:57:21 UTC+0000
0x0000000001af53b8 csrss.exe 388 288 0x07670000 2020-02-11 12:57:19 UTC+0000
0x0000000001af57e0 winlogon.exe 412 288 0x07975000 2020-02-11 12:57:19 UTC+0000
0x0000000001b09b78 svchost.exe 876 516 0x08e87000 2020-02-11 12:57:20 UTC+0000
0x0000000001bc6bd0 System 4 0 0x00039000
dlllist
************************************************************************
System pid: 4
Unable to read PEB for task.
************************************************************************
smss.exe pid: 288
Command line : \SystemRoot\System32\smss.exe
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x48580000 0xf000 0xffff \SystemRoot\System32\smss.exe
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
************************************************************************
csrss.exe pid: 388
Command line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Service Pack 3
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x4a680000 0x5000 0xffff \??\C:\WINDOWS\system32\csrss.exe
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
0x75a80000 0xb000 0xffff C:\WINDOWS\system32\CSRSRV.dll
0x75a90000 0x10000 0x3 C:\WINDOWS\system32\basesrv.dll
0x764c0000 0x54000 0x2 C:\WINDOWS\system32\winsrv.dll
0x77ed0000 0x49000 0xa C:\WINDOWS\system32\GDI32.dll
0x7c800000 0x133000 0x19 C:\WINDOWS\system32\KERNEL32.dll
0x77cf0000 0x90000 0xa C:\WINDOWS\system32\USER32.dll
0x60740000 0x9000 0x1 C:\WINDOWS\system32\LPK.DLL
0x73f80000 0x6b000 0x1 C:\WINDOWS\system32\USP10.dll
0x77d80000 0xa9000 0x8 C:\WINDOWS\system32\ADVAPI32.dll
0x77e30000 0x92000 0x4 C:\WINDOWS\system32\RPCRT4.dll
0x77fa0000 0x11000 0x3 C:\WINDOWS\system32\Secur32.dll
0x75de0000 0xaf000 0x1 C:\WINDOWS\system32\sxs.dll
************************************************************************
winlogon.exe pid: 412
Command line : winlogon.exe
Service Pack 3
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x01000000 0x7e000 0xffff \??\C:\WINDOWS\system32\winlogon.exe
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x133000 0xffff C:\WINDOWS\system32\kernel32.dll
0x77d80000 0xa9000 0xffff C:\WINDOWS\system32\ADVAPI32.dll
0x77e30000 0x92000 0xffff C:\WINDOWS\system32\RPCRT4.dll
0x77fa0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll
0x77c20000 0x12000 0xffff C:\WINDOWS\system32\AUTHZ.dll
0x77bc0000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll
0x765c0000 0x94000 0xffff C:\WINDOWS\system32\CRYPT32.dll
0x77c40000 0x12000 0xffff C:\WINDOWS\system32\MSASN1.dll
0x77cf0000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll
0x77ed0000 0x49000 0xffff C:\WINDOWS\system32\GDI32.dll
0x75880000 0x8000 0xffff C:\WINDOWS\system32\NDdeApi.dll
0x75870000 0xa000 0xffff C:\WINDOWS\system32\PROFMAP.dll
0x59250000 0x55000 0xffff C:\WINDOWS\system32\NETAPI32.dll
0x7e8c0000 0xb1000 0xffff C:\WINDOWS\system32\USERENV.dll
0x76ba0000 0xb000 0xffff C:\WINDOWS\system32\PSAPI.DLL
0x76b70000 0xf000 0xffff C:\WINDOWS\system32\REGAPI.dll
0x76040000 0x159000 0xffff C:\WINDOWS\system32\SETUPAPI.dll
0x77bb0000 0x8000 0xffff C:\WINDOWS\system32\VERSION.dll
0x762b0000 0x10000 0xffff C:\WINDOWS\system32\WINSTA.dll
0x76be0000 0x2e000 0xffff C:\WINDOWS\system32\WINTRUST.dll
0x76c40000 0x28000 0xffff C:\WINDOWS\system32\IMAGEHLP.dll
0x719e0000 0x17000 0xffff C:\WINDOWS\system32\WS2_32.dll
0x719d0000 0x8000 0xffff C:\WINDOWS\system32\WS2HELP.dll
0x762e0000 0x1d000 0x7 C:\WINDOWS\system32\IMM32.DLL
0x60740000 0x9000 0x1 C:\WINDOWS\system32\LPK.DLL
0x73f80000 0x6b000 0x1 C:\WINDOWS\system32\USP10.dll
0x758b0000 0xf4000 0x2 C:\WINDOWS\system32\MSGINA.dll
0x5ab60000 0x9a000 0x8 C:\WINDOWS\system32\COMCTL32.dll
0x73520000 0x3d000 0x2 C:\WINDOWS\system32\ODBC32.dll
0x76300000 0x48000 0x2 C:\WINDOWS\system32\comdlg32.dll
0x7d5b0000 0x800000 0x11 C:\WINDOWS\system32\SHELL32.dll
0x77f20000 0x76000 0x1c C:\WINDOWS\system32\SHLWAPI.dll
0x77160000 0x103000 0x3 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x1f840000 0x17000 0x1 C:\WINDOWS\system32\odbcint.dll
0x76df0000 0x23000 0x1 C:\WINDOWS\system32\SHSVCS.dll
0x76b60000 0x5000 0x2 C:\WINDOWS\system32\sfc.dll
0x76c10000 0x29000 0x5 C:\WINDOWS\system32\sfc_os.dll
0x76970000 0x13d000 0x18 C:\WINDOWS\system32\ole32.dll
0x76d90000 0x22000 0x1 C:\WINDOWS\system32\Apphelp.dll
0x73620000 0x2e000 0x1 C:\WINDOWS\system32\msctfime.ime
0x58730000 0x38000 0x6 C:\WINDOWS\system32\uxtheme.dll
0x72340000 0x1b000 0x7 C:\WINDOWS\system32\WINSCARD.DLL
0x76f00000 0x8000 0x7 C:\WINDOWS\system32\WTSAPI32.dll
0x75de0000 0xaf000 0x1 C:\WINDOWS\system32\sxs.dll
0x76af0000 0x2b000 0x7 C:\WINDOWS\system32\WINMM.dll
0x76550000 0x1c000 0x2 C:\WINDOWS\system32\cscdll.dll
0x45fb0000 0x8000 0x1 C:\WINDOWS\System32\dimsntfy.dll
0x68000000 0x36000 0x1 C:\WINDOWS\system32\rsaenh.dll
0x75890000 0x1a000 0x6 C:\WINDOWS\system32\WlNotify.dll
0x71a50000 0x12000 0x8 C:\WINDOWS\system32\MPR.dll
0x72f50000 0x26000 0x6 C:\WINDOWS\system32\WINSPOOL.DRV
0x71b40000 0x13000 0x3 C:\WINDOWS\system32\SAMLIB.dll
0x4edc0000 0x56000 0x1 C:\WINDOWS\system32\imjp81.ime
0x648f0000 0xd0000 0x2 C:\WINDOWS\system32\imjp81k.dll
0x76570000 0x50000 0x1 C:\WINDOWS\system32\cscui.dll
0x02100000 0x560000 0x2 C:\WINDOWS\system32\xpsp2res.dll
0x77cb0000 0x24000 0x1 C:\WINDOWS\system32\msv1_0.dll
0x76d10000 0x19000 0x1 C:\WINDOWS\system32\iphlpapi.dll
0x76cf0000 0x18000 0x1 C:\WINDOWS\system32\MPRAPI.dll
0x77fc0000 0x32000 0x1 C:\WINDOWS\system32\ACTIVEDS.dll
0x76dc0000 0x25000 0x1 C:\WINDOWS\system32\adsldpc.dll
0x76f10000 0x2c000 0x2 C:\WINDOWS\system32\WLDAP32.dll
0x76ad0000 0x11000 0x1 C:\WINDOWS\system32\ATL.DLL
0x770d0000 0x8b000 0x4 C:\WINDOWS\system32\OLEAUT32.dll
0x76e30000 0xe000 0x1 C:\WINDOWS\system32\rtutils.dll
0x76c90000 0x20000 0x1 C:\WINDOWS\system32\NTMARTA.DLL
0x3b100000 0x1b000 0x1 C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPCD.DIC
0x77000000 0xab000 0x2 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 0x2 C:\WINDOWS\system32\CLBCATQ.DLL
************************************************************************
services.exe pid: 516
Command line : C:\WINDOWS\system32\services.exe
Service Pack 3
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x01000000 0x1c000 0xffff C:\WINDOWS\system32\services.exe
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x133000 0xffff C:\WINDOWS\system32\kernel32.dll
0x77d80000 0xa9000 0xffff C:\WINDOWS\system32\ADVAPI32.dll
0x77e30000 0x92000 0xffff C:\WINDOWS\system32\RPCRT4.dll
0x77fa0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll
0x77bc0000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll
0x5d3d0000 0xc000 0xffff C:\WINDOWS\system32\NCObjAPI.DLL
0x75fd0000 0x65000 0xffff C:\WINDOWS\system32\MSVCP60.dll
0x75820000 0x4d000 0xffff C:\WINDOWS\system32\SCESRV.dll
0x77c20000 0x12000 0xffff C:\WINDOWS\system32\AUTHZ.dll
0x77cf0000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll
0x77ed0000 0x49000 0xffff C:\WINDOWS\system32\GDI32.dll
0x7e8c0000 0xb1000 0xffff C:\WINDOWS\system32\USERENV.dll
0x7df20000 0x20000 0xffff C:\WINDOWS\system32\umpnpmgr.dll
0x762b0000 0x10000 0xffff C:\WINDOWS\system32\WINSTA.dll
0x59250000 0x55000 0xffff C:\WINDOWS\system32\NETAPI32.dll
0x5a620000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll
0x462d0000 0xf000 0x1 C:\WINDOWS\AppPatch\AcAdProc.dll
0x762e0000 0x1d000 0x1 C:\WINDOWS\system32\IMM32.DLL
0x60740000 0x9000 0x1 C:\WINDOWS\system32\LPK.DLL
0x73f80000 0x6b000 0x1 C:\WINDOWS\system32\USP10.dll
0x76d90000 0x22000 0x1 C:\WINDOWS\system32\Apphelp.dll
0x77bb0000 0x8000 0x1 C:\WINDOWS\system32\VERSION.dll
0x76d50000 0x11000 0x1 C:\WINDOWS\system32\eventlog.dll
0x76ba0000 0xb000 0x1 C:\WINDOWS\system32\PSAPI.DLL
0x719e0000 0x17000 0x1 C:\WINDOWS\system32\WS2_32.dll
0x719d0000 0x8000 0x1 C:\WINDOWS\system32\WS2HELP.dll
0x76f00000 0x8000 0x1 C:\WINDOWS\system32\wtsapi32.dll
************************************************************************
lsass.exe pid: 528
Command line : C:\WINDOWS\system32\lsass.exe
Service Pack 3
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x01000000 0x6000 0xffff C:\WINDOWS\system32\lsass.exe
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x133000 0xffff C:\WINDOWS\system32\kernel32.dll
0x77d80000 0xa9000 0xffff C:\WINDOWS\system32\ADVAPI32.dll
0x77e30000 0x92000 0xffff C:\WINDOWS\system32\RPCRT4.dll
0x77fa0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll
0x7de60000 0xb1000 0xffff C:\WINDOWS\system32\LSASRV.dll
0x71a50000 0x12000 0xffff C:\WINDOWS\system32\MPR.dll
0x77cf0000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll
0x77ed0000 0x49000 0xffff C:\WINDOWS\system32\GDI32.dll
0x77c40000 0x12000 0xffff C:\WINDOWS\system32\MSASN1.dll
0x77bc0000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll
0x59250000 0x55000 0xffff C:\WINDOWS\system32\NETAPI32.dll
0x76750000 0x13000 0xffff C:\WINDOWS\system32\NTDSAPI.dll
0x76ed0000 0x27000 0xffff C:\WINDOWS\system32\DNSAPI.dll
0x719e0000 0x17000 0xffff C:\WINDOWS\system32\WS2_32.dll
0x719d0000 0x8000 0xffff C:\WINDOWS\system32\WS2HELP.dll
0x76f10000 0x2c000 0xffff C:\WINDOWS\system32\WLDAP32.dll
0x71b40000 0x13000 0xffff C:\WINDOWS\system32\SAMLIB.dll
0x74380000 0x69000 0xffff C:\WINDOWS\system32\SAMSRV.dll
0x76740000 0xc000 0xffff C:\WINDOWS\system32\cryptdll.dll
0x5a620000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll
0x567f0000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76af0000 0x2b000 0x2 C:\WINDOWS\system32\WINMM.dll
0x76970000 0x13d000 0x4 C:\WINDOWS\system32\ole32.dll
0x770d0000 0x8b000 0x2 C:\WINDOWS\system32\OLEAUT32.dll
0x77b90000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll
0x77bb0000 0x8000 0x1 C:\WINDOWS\system32\VERSION.dll
0x7d5b0000 0x800000 0x2 C:\WINDOWS\system32\SHELL32.dll
0x77f20000 0x76000 0x4 C:\WINDOWS\system32\SHLWAPI.dll
0x7e8c0000 0xb1000 0x8 C:\WINDOWS\system32\USERENV.dll
0x58730000 0x38000 0x3 C:\WINDOWS\system32\UxTheme.dll
0x762e0000 0x1d000 0x2 C:\WINDOWS\system32\IMM32.DLL
0x60740000 0x9000 0x1 C:\WINDOWS\system32\LPK.DLL
0x73f80000 0x6b000 0x1 C:\WINDOWS\system32\USP10.dll
0x77160000 0x103000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5ab60000 0x9a000 0x1 C:\WINDOWS\system32\comctl32.dll
0x4d200000 0xe000 0x1 C:\WINDOWS\system32\msprivs.dll
0x71c40000 0x4c000 0x2 C:\WINDOWS\system32\kerberos.dll
0x77cb0000 0x24000 0x5 C:\WINDOWS\system32\msv1_0.dll
0x76d10000 0x19000 0x8 C:\WINDOWS\system32\iphlpapi.dll
0x743f0000 0x65000 0x2 C:\WINDOWS\system32\netlogon.dll
0x76770000 0x2f000 0x2 C:\WINDOWS\system32\w32time.dll
0x75fd0000 0x65000 0x2 C:\WINDOWS\system32\MSVCP60.dll
0x767a0000 0x27000 0x1 C:\WINDOWS\system32\schannel.dll
0x765c0000 0x94000 0x3 C:\WINDOWS\system32\CRYPT32.dll
0x742c0000 0xf000 0x1 C:\WINDOWS\system32\wdigest.dll
0x68000000 0x36000 0x1 C:\WINDOWS\system32\rsaenh.dll
0x74350000 0x2e000 0x1 C:\WINDOWS\system32\scecli.dll
0x76040000 0x159000 0x1 C:\WINDOWS\system32\SETUPAPI.dll
0x74320000 0x2f000 0x1 C:\WINDOWS\system32\ipsecsvc.dll
0x77c20000 0x12000 0x1 C:\WINDOWS\system32\AUTHZ.dll
0x73eb0000 0xd0000 0x1 C:\WINDOWS\system32\oakley.DLL
0x742b0000 0xb000 0x1 C:\WINDOWS\system32\WINIPSEC.DLL
0x71980000 0x3f000 0x2 C:\WINDOWS\system32\mswsock.dll
0x607c0000 0x56000 0x1 C:\WINDOWS\system32\hnetcfg.dll
0x719c0000 0x8000 0x1 C:\WINDOWS\System32\wshtcpip.dll
0x742e0000 0xb000 0x1 C:\WINDOWS\system32\pstorsvc.dll
0x74300000 0x1a000 0x1 C:\WINDOWS\system32\psbase.dll
0x68100000 0x26000 0x1 C:\WINDOWS\system32\dssenh.dll
************************************************************************
svchost.exe pid: 676
Command line : C:\WINDOWS\system32\svchost -k DcomLaunch
Service Pack 3
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x01000000 0x6000 0xffff C:\WINDOWS\system32\svchost.exe
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x133000 0xffff C:\WINDOWS\system32\kernel32.dll
0x77d80000 0xa9000 0xffff C:\WINDOWS\system32\ADVAPI32.dll
0x77e30000 0x92000 0xffff C:\WINDOWS\system32\RPCRT4.dll
0x77fa0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll
0x5a620000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll
0x567f0000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL
0x77cf0000 0x90000 0x29 C:\WINDOWS\system32\USER32.dll
0x77ed0000 0x49000 0x23 C:\WINDOWS\system32\GDI32.dll
0x76af0000 0x2b000 0x2 C:\WINDOWS\system32\WINMM.dll
0x76970000 0x13d000 0x8 C:\WINDOWS\system32\ole32.dll
0x77bc0000 0x58000 0x16 C:\WINDOWS\system32\msvcrt.dll
0x770d0000 0x8b000 0x3 C:\WINDOWS\system32\OLEAUT32.dll
0x77b90000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll
0x77bb0000 0x8000 0x3 C:\WINDOWS\system32\VERSION.dll
0x7d5b0000 0x800000 0x1 C:\WINDOWS\system32\SHELL32.dll
0x77f20000 0x76000 0x3 C:\WINDOWS\system32\SHLWAPI.dll
0x7e8c0000 0xb1000 0x2 C:\WINDOWS\system32\USERENV.dll
0x58730000 0x38000 0x1 C:\WINDOWS\system32\UxTheme.dll
0x762e0000 0x1d000 0x2 C:\WINDOWS\system32\IMM32.DLL
0x60740000 0x9000 0x1 C:\WINDOWS\system32\LPK.DLL
0x73f80000 0x6b000 0x1 C:\WINDOWS\system32\USP10.dll
0x77160000 0x103000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5ab60000 0x9a000 0x1 C:\WINDOWS\system32\comctl32.dll
0x76c90000 0x20000 0x1 C:\WINDOWS\system32\NTMARTA.DLL
0x71b40000 0x13000 0x1 C:\WINDOWS\system32\SAMLIB.dll
0x76f10000 0x2c000 0x1 C:\WINDOWS\system32\WLDAP32.dll
0x76210000 0x64000 0x1 c:\windows\system32\rpcss.dll
0x719e0000 0x17000 0x1 c:\windows\system32\WS2_32.dll
0x719d0000 0x8000 0x1 c:\windows\system32\WS2HELP.dll
0x006b0000 0x560000 0x1 C:\WINDOWS\system32\xpsp2res.dll
0x76f80000 0x7f000 0x2 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xab000 0x2 C:\WINDOWS\system32\COMRes.dll
************************************************************************
svchost.exe pid: 736
Command line : C:\WINDOWS\system32\svchost -k rpcss
Service Pack 3
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x01000000 0x6000 0xffff C:\WINDOWS\system32\svchost.exe
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x133000 0xffff C:\WINDOWS\system32\kernel32.dll
0x77d80000 0xa9000 0xffff C:\WINDOWS\system32\ADVAPI32.dll
0x77e30000 0x92000 0xffff C:\WINDOWS\system32\RPCRT4.dll
0x77fa0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll
0x5a620000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll
0x567f0000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL
0x77cf0000 0x90000 0x29 C:\WINDOWS\system32\USER32.dll
0x77ed0000 0x49000 0x23 C:\WINDOWS\system32\GDI32.dll
0x76af0000 0x2b000 0x2 C:\WINDOWS\system32\WINMM.dll
0x76970000 0x13d000 0x6 C:\WINDOWS\system32\ole32.dll
0x77bc0000 0x58000 0x2b C:\WINDOWS\system32\msvcrt.dll
0x770d0000 0x8b000 0x3 C:\WINDOWS\system32\OLEAUT32.dll
0x77b90000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll
0x77bb0000 0x8000 0x3 C:\WINDOWS\system32\VERSION.dll
0x7d5b0000 0x800000 0x1 C:\WINDOWS\system32\SHELL32.dll
0x77f20000 0x76000 0x3 C:\WINDOWS\system32\SHLWAPI.dll
0x7e8c0000 0xb1000 0x2 C:\WINDOWS\system32\USERENV.dll
0x58730000 0x38000 0x1 C:\WINDOWS\system32\UxTheme.dll
0x762e0000 0x1d000 0x2 C:\WINDOWS\system32\IMM32.DLL
0x60740000 0x9000 0x1 C:\WINDOWS\system32\LPK.DLL
0x73f80000 0x6b000 0x1 C:\WINDOWS\system32\USP10.dll
0x77160000 0x103000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5ab60000 0x9a000 0x1 C:\WINDOWS\system32\comctl32.dll
0x76210000 0x64000 0x1 c:\windows\system32\rpcss.dll
0x719e0000 0x17000 0xe c:\windows\system32\WS2_32.dll
0x719d0000 0x8000 0x12 c:\windows\system32\WS2HELP.dll
0x006b0000 0x560000 0x1 C:\WINDOWS\system32\xpsp2res.dll
0x68000000 0x36000 0x1 C:\WINDOWS\system32\rsaenh.dll
0x71980000 0x3f000 0x5 C:\WINDOWS\system32\mswsock.dll
0x607c0000 0x56000 0x1 C:\WINDOWS\system32\hnetcfg.dll
0x719c0000 0x8000 0x1 C:\WINDOWS\System32\wshtcpip.dll
0x76ed0000 0x27000 0x2 C:\WINDOWS\system32\DNSAPI.dll
0x76d10000 0x19000 0x1 C:\WINDOWS\system32\iphlpapi.dll
0x76f60000 0x8000 0x1 C:\WINDOWS\System32\winrnr.dll
0x76f10000 0x2c000 0x1 C:\WINDOWS\system32\WLDAP32.dll
0x76f70000 0x6000 0x1 C:\WINDOWS\system32\rasadhlp.dll
0x76f80000 0x7f000 0x2 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xab000 0x2 C:\WINDOWS\system32\COMRes.dll
************************************************************************
svchost.exe pid: 800
Command line : C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Pack 3
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x01000000 0x6000 0xffff C:\WINDOWS\System32\svchost.exe
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x133000 0xffff C:\WINDOWS\system32\kernel32.dll
0x77d80000 0xa9000 0xffff C:\WINDOWS\system32\ADVAPI32.dll
0x77e30000 0x92000 0xffff C:\WINDOWS\system32\RPCRT4.dll
0x77fa0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll
0x5a620000 0x26000 0x1 C:\WINDOWS\System32\ShimEng.dll
0x567f0000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL
0x77cf0000 0x90000 0x1fb C:\WINDOWS\system32\USER32.dll
0x77ed0000 0x49000 0x116 C:\WINDOWS\system32\GDI32.dll
0x76af0000 0x2b000 0xc C:\WINDOWS\System32\WINMM.dll
0x76970000 0x13d000 0x60 C:\WINDOWS\system32\ole32.dll
0x77bc0000 0x58000 0x1f7 C:\WINDOWS\system32\msvcrt.dll
0x770d0000 0x8b000 0x40 C:\WINDOWS\system32\OLEAUT32.dll
0x77b90000 0x15000 0x1 C:\WINDOWS\System32\MSACM32.dll
0x77bb0000 0x8000 0xf C:\WINDOWS\system32\VERSION.dll
0x7d5b0000 0x800000 0x9 C:\WINDOWS\system32\SHELL32.dll
0x77f20000 0x76000 0x44 C:\WINDOWS\system32\SHLWAPI.dll
0x7e8c0000 0xb1000 0xf C:\WINDOWS\system32\USERENV.dll
0x58730000 0x38000 0x4 C:\WINDOWS\System32\UxTheme.dll
0x762e0000 0x1d000 0x2 C:\WINDOWS\system32\IMM32.DLL
0x60740000 0x9000 0x1 C:\WINDOWS\System32\LPK.DLL
0x73f80000 0x6b000 0x1 C:\WINDOWS\System32\USP10.dll
0x77160000 0x103000 0xa C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5ab60000 0x9a000 0x6 C:\WINDOWS\system32\comctl32.dll
0x76c90000 0x20000 0x1 C:\WINDOWS\System32\NTMARTA.DLL
0x71b40000 0x13000 0xb C:\WINDOWS\System32\SAMLIB.dll
0x76f10000 0x2c000 0x13 C:\WINDOWS\system32\WLDAP32.dll
0x006b0000 0x560000 0x1 C:\WINDOWS\System32\xpsp2res.dll
0x76df0000 0x23000 0x3 c:\windows\system32\shsvcs.dll
0x762b0000 0x10000 0x12 C:\WINDOWS\System32\WINSTA.dll
0x59250000 0x55000 0x49 C:\WINDOWS\System32\NETAPI32.dll
0x7ccb0000 0x21000 0x4 c:\windows\system32\dhcpcsvc.dll
0x76ed0000 0x27000 0x8 c:\windows\system32\DNSAPI.dll
0x719e0000 0x17000 0x3b c:\windows\system32\WS2_32.dll
0x719d0000 0x8000 0x27 c:\windows\system32\WS2HELP.dll
0x76d10000 0x19000 0xb c:\windows\system32\iphlpapi.dll
0x68000000 0x36000 0x1 C:\WINDOWS\System32\rsaenh.dll
0x7ddd0000 0x8c000 0x2 c:\windows\system32\wzcsvc.dll
0x76e30000 0xe000 0x28 c:\windows\system32\rtutils.dll
0x76ce0000 0x4000 0x2 c:\windows\system32\WMI.dll
0x765c0000 0x94000 0x23 c:\windows\system32\CRYPT32.dll
0x77c40000 0x12000 0x1b c:\windows\system32\MSASN1.dll
0x4a9c0000 0xb000 0x3 c:\windows\system32\EapolQec.dll
0x76ad0000 0x11000 0x17 c:\windows\system32\ATL.DLL
0x7d1b0000 0x16000 0x3 c:\windows\system32\QUtil.dll
0x75fd0000 0x65000 0xa c:\windows\system32\MSVCP60.dll
0x42e00000 0xa000 0x6 c:\windows\system32\dot3api.dll
0x76f00000 0x8000 0xd c:\windows\system32\WTSAPI32.dll
0x6f850000 0x109000 0x4 c:\windows\system32\ESENT.dll
0x71980000 0x3f000 0x4 C:\WINDOWS\system32\mswsock.dll
0x607c0000 0x56000 0x3 C:\WINDOWS\System32\hnetcfg.dll
0x719c0000 0x8000 0x1 C:\WINDOWS\System32\wshtcpip.dll
0x76f80000 0x7f000 0x2 C:\WINDOWS\System32\CLBCATQ.DLL
0x77000000 0xab000 0x5 C:\WINDOWS\System32\COMRes.dll
0x75da0000 0x27000 0x5 C:\WINDOWS\System32\rastls.dll
0x75410000 0x75000 0x6 C:\WINDOWS\System32\CRYPTUI.dll
0x63000000 0xe6000 0x7 C:\WINDOWS\system32\WININET.dll
0x00ff0000 0x9000 0x7 C:\WINDOWS\system32\Normaliz.dll
0x1a400000 0x132000 0x7 C:\WINDOWS\system32\urlmon.dll
0x5dca0000 0x1e8000 0xe C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 0xa C:\WINDOWS\System32\WINTRUST.dll
0x76c40000 0x28000 0xa C:\WINDOWS\system32\IMAGEHLP.dll
0x76cf0000 0x18000 0x6 C:\WINDOWS\System32\MPRAPI.dll
0x77fc0000 0x32000 0x6 C:\WINDOWS\System32\ACTIVEDS.dll
0x76dc0000 0x25000 0x6 C:\WINDOWS\System32\adsldpc.dll
0x76040000 0x159000 0xa C:\WINDOWS\System32\SETUPAPI.dll
0x76e90000 0x3c000 0xa C:\WINDOWS\System32\RASAPI32.dll
0x76e40000 0x12000 0xa C:\WINDOWS\System32\rasman.dll
0x76e60000 0x2f000 0xa C:\WINDOWS\System32\TAPI32.dll
0x767a0000 0x27000 0x5 C:\WINDOWS\System32\SCHANNEL.dll
0x72340000 0x1b000 0x5 C:\WINDOWS\System32\WinSCard.dll
0x76ba0000 0xb000 0x8 C:\WINDOWS\System32\PSAPI.DLL
0x75e90000 0x16000 0x3 C:\WINDOWS\System32\raschap.dll
0x77cb0000 0x24000 0x1 C:\WINDOWS\system32\msv1_0.dll
0x76830000 0x32000 0x1 c:\windows\system32\schedsvc.dll
0x76750000 0x13000 0x2 c:\windows\system32\NTDSAPI.dll
0x74e90000 0x5000 0x1 C:\WINDOWS\System32\MSIDLE.DLL
0x70d80000 0xd000 0x1 c:\windows\system32\audiosrv.dll
0x76520000 0x23000 0x1 c:\windows\system32\wkssvc.dll
0x71c90000 0x1b000 0x1 C:\WINDOWS\system32\actxprxy.dll
0x76280000 0x12000 0x1 c:\windows\system32\cryptsvc.dll
0x76b20000 0x31000 0x1 c:\windows\system32\certcli.dll
0x74ec0000 0x9000 0x1 c:\windows\system32\ersvc.dll
0x76880000 0x42000 0x3 c:\windows\system32\es.dll
0x74e80000 0xc000 0x1 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x74fd0000 0x1a000 0x1 c:\windows\system32\srvsvc.dll
0x77c70000 0x33000 0x1 c:\windows\system32\netman.dll
0x7e1e0000 0x19c000 0x2 c:\windows\system32\netshell.dll
0x76bb0000 0x2e000 0x2 c:\windows\system32\credui.dll
0x7d1d0000 0x6000 0x2 c:\windows\system32\dot3dlg.dll
0x4d550000 0x28000 0x2 c:\windows\system32\OneX.DLL
0x4a830000 0x22000 0x2 c:\windows\system32\eappcfg.dll
0x46110000 0xe000 0x2 c:\windows\system32\eappprxy.dll
0x72f80000 0x10000 0x1 c:\windows\system32\WZCSAPI.DLL
0x750e0000 0x2e000 0x1 c:\windows\system32\srsvc.dll
0x74a10000 0x8000 0x1 c:\windows\system32\POWRPROF.dll
0x72240000 0xd000 0x1 c:\windows\system32\sens.dll
0x73c70000 0x8000 0x1 c:\windows\system32\seclogon.dll
0x74fb0000 0x19000 0x1 c:\windows\system32\trkwks.dll
0x76770000 0x2f000 0x3 c:\windows\system32\w32time.dll
0x5cbc0000 0x28000 0x1 c:\windows\system32\wbem\wmisvc.dll
0x75320000 0x6d000 0x1 C:\WINDOWS\system32\VSSAPI.DLL
0x50000000 0x5000 0x1 c:\windows\system32\wuauserv.dll
0x50040000 0x119000 0x1 C:\WINDOWS\system32\wuaueng.dll
0x65000000 0x2e000 0x1 C:\WINDOWS\System32\ADVPACK.dll
0x75090000 0x13000 0x1 C:\WINDOWS\System32\Cabinet.dll
0x02060000 0xb000 0x1 C:\WINDOWS\System32\mspatcha.dll
0x76b60000 0x5000 0x1 C:\WINDOWS\System32\sfc.dll
0x76c10000 0x29000 0x2 C:\WINDOWS\System32\sfc_os.dll
0x76730000 0x9000 0x1 C:\WINDOWS\System32\SHFOLDER.dll
0x4a5a0000 0x59000 0x1 C:\WINDOWS\System32\WINHTTP.dll
0x72f50000 0x26000 0x1 C:\WINDOWS\System32\WINSPOOL.DRV
0x4c0a0000 0x17000 0x1 c:\windows\system32\wscsvc.dll
0x7c9e0000 0x2bc000 0x1 c:\windows\system32\msi.dll
0x5b780000 0x113000 0x1 C:\WINDOWS\System32\msxml3.dll
0x75de0000 0xaf000 0x1 C:\WINDOWS\System32\SXS.DLL
0x76f60000 0x8000 0x1 C:\WINDOWS\System32\winrnr.dll
************************************************************************
svchost.exe pid: 844
Command line : C:\WINDOWS\System32\svchost.exe -k NetworkService
Service Pack 3
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x01000000 0x6000 0xffff C:\WINDOWS\System32\svchost.exe
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x133000 0xffff C:\WINDOWS\system32\kernel32.dll
0x77d80000 0xa9000 0xffff C:\WINDOWS\system32\ADVAPI32.dll
0x77e30000 0x92000 0xffff C:\WINDOWS\system32\RPCRT4.dll
0x77fa0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll
0x5a620000 0x26000 0x1 C:\WINDOWS\System32\ShimEng.dll
0x567f0000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL
0x77cf0000 0x90000 0x22 C:\WINDOWS\system32\USER32.dll
0x77ed0000 0x49000 0x1d C:\WINDOWS\system32\GDI32.dll
0x76af0000 0x2b000 0x2 C:\WINDOWS\System32\WINMM.dll
0x76970000 0x13d000 0x2 C:\WINDOWS\system32\ole32.dll
0x77bc0000 0x58000 0x17 C:\WINDOWS\system32\msvcrt.dll
0x770d0000 0x8b000 0x1 C:\WINDOWS\system32\OLEAUT32.dll
0x77b90000 0x15000 0x1 C:\WINDOWS\System32\MSACM32.dll
0x77bb0000 0x8000 0x1 C:\WINDOWS\system32\VERSION.dll
0x7d5b0000 0x800000 0x1 C:\WINDOWS\system32\SHELL32.dll
0x77f20000 0x76000 0x3 C:\WINDOWS\system32\SHLWAPI.dll
0x7e8c0000 0xb1000 0x1 C:\WINDOWS\system32\USERENV.dll
0x58730000 0x38000 0x1 C:\WINDOWS\System32\UxTheme.dll
0x762e0000 0x1d000 0x2 C:\WINDOWS\system32\IMM32.DLL
0x60740000 0x9000 0x1 C:\WINDOWS\System32\LPK.DLL
0x73f80000 0x6b000 0x1 C:\WINDOWS\System32\USP10.dll
0x77160000 0x103000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5ab60000 0x9a000 0x1 C:\WINDOWS\system32\comctl32.dll
0x76720000 0xd000 0x1 c:\windows\system32\dnsrslvr.dll
0x76ed0000 0x27000 0x1 c:\windows\system32\DNSAPI.dll
0x719e0000 0x17000 0x7 c:\windows\system32\WS2_32.dll
0x719d0000 0x8000 0x8 c:\windows\system32\WS2HELP.dll
0x76d10000 0x19000 0x2 c:\windows\system32\iphlpapi.dll
0x68000000 0x36000 0x1 C:\WINDOWS\System32\rsaenh.dll
0x71980000 0x3f000 0x2 C:\WINDOWS\system32\mswsock.dll
0x607c0000 0x56000 0x1 C:\WINDOWS\System32\hnetcfg.dll
0x719c0000 0x8000 0x1 C:\WINDOWS\System32\wshtcpip.dll
************************************************************************
svchost.exe pid: 876
Command line : C:\WINDOWS\System32\svchost.exe -k LocalService
Service Pack 3
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x01000000 0x6000 0xffff C:\WINDOWS\System32\svchost.exe
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x133000 0xffff C:\WINDOWS\system32\kernel32.dll
0x77d80000 0xa9000 0xffff C:\WINDOWS\system32\ADVAPI32.dll
0x77e30000 0x92000 0xffff C:\WINDOWS\system32\RPCRT4.dll
0x77fa0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll
0x5a620000 0x26000 0x1 C:\WINDOWS\System32\ShimEng.dll
0x567f0000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL
0x77cf0000 0x90000 0x32 C:\WINDOWS\system32\USER32.dll
0x77ed0000 0x49000 0x2c C:\WINDOWS\system32\GDI32.dll
0x76af0000 0x2b000 0x2 C:\WINDOWS\System32\WINMM.dll
0x76970000 0x13d000 0x7 C:\WINDOWS\system32\ole32.dll
0x77bc0000 0x58000 0x22 C:\WINDOWS\system32\msvcrt.dll
0x770d0000 0x8b000 0x2 C:\WINDOWS\system32\OLEAUT32.dll
0x77b90000 0x15000 0x1 C:\WINDOWS\System32\MSACM32.dll
0x77bb0000 0x8000 0x1 C:\WINDOWS\system32\VERSION.dll
0x7d5b0000 0x800000 0x3 C:\WINDOWS\system32\SHELL32.dll
0x77f20000 0x76000 0xa C:\WINDOWS\system32\SHLWAPI.dll
0x7e8c0000 0xb1000 0x1 C:\WINDOWS\system32\USERENV.dll
0x58730000 0x38000 0x1 C:\WINDOWS\System32\UxTheme.dll
0x762e0000 0x1d000 0x2 C:\WINDOWS\system32\IMM32.DLL
0x60740000 0x9000 0x1 C:\WINDOWS\System32\LPK.DLL
0x73f80000 0x6b000 0x1 C:\WINDOWS\System32\USP10.dll
0x77160000 0x103000 0x3 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5ab60000 0x9a000 0x1 C:\WINDOWS\system32\comctl32.dll
0x76c90000 0x20000 0x1 C:\WINDOWS\System32\NTMARTA.DLL
0x71b40000 0x13000 0x1 C:\WINDOWS\System32\SAMLIB.dll
0x76f10000 0x2c000 0x1 C:\WINDOWS\system32\WLDAP32.dll
0x006b0000 0x560000 0x1 C:\WINDOWS\System32\xpsp2res.dll
0x74b80000 0x6000 0x1 c:\windows\system32\lmhsvc.dll
0x76d10000 0x19000 0x1 c:\windows\system32\iphlpapi.dll
0x719e0000 0x17000 0x4 c:\windows\system32\WS2_32.dll
0x719d0000 0x8000 0x3 c:\windows\system32\WS2HELP.dll
0x57f60000 0x15000 0x1 c:\windows\system32\webclnt.dll
0x63000000 0xe6000 0x1 C:\WINDOWS\system32\WININET.dll
0x00690000 0x9000 0x1 C:\WINDOWS\system32\Normaliz.dll
0x1a400000 0x132000 0x1 C:\WINDOWS\system32\urlmon.dll
0x5dca0000 0x1e8000 0x2 C:\WINDOWS\system32\iertutil.dll
************************************************************************
spoolsv.exe pid: 1172
Command line : C:\WINDOWS\system32\spoolsv.exe
Service Pack 3
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x01000000 0x10000 0xffff C:\WINDOWS\system32\spoolsv.exe
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x133000 0xffff C:\WINDOWS\system32\kernel32.dll
0x77d80000 0xa9000 0xffff C:\WINDOWS\system32\ADVAPI32.dll
0x77e30000 0x92000 0xffff C:\WINDOWS\system32\RPCRT4.dll
0x77fa0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll
0x77ed0000 0x49000 0xffff C:\WINDOWS\system32\GDI32.dll
0x77cf0000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll
0x77bc0000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll
0x5a620000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll
0x567f0000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76af0000 0x2b000 0x2 C:\WINDOWS\system32\WINMM.dll
0x76970000 0x13d000 0x2 C:\WINDOWS\system32\ole32.dll
0x770d0000 0x8b000 0x1 C:\WINDOWS\system32\OLEAUT32.dll
0x77b90000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll
0x77bb0000 0x8000 0x1 C:\WINDOWS\system32\VERSION.dll
0x7d5b0000 0x800000 0x1 C:\WINDOWS\system32\SHELL32.dll
0x77f20000 0x76000 0x3 C:\WINDOWS\system32\SHLWAPI.dll
0x7e8c0000 0xb1000 0x1 C:\WINDOWS\system32\USERENV.dll
0x58730000 0x38000 0x1 C:\WINDOWS\system32\UxTheme.dll
0x762e0000 0x1d000 0x2 C:\WINDOWS\system32\IMM32.DLL
0x60740000 0x9000 0x1 C:\WINDOWS\system32\LPK.DLL
0x73f80000 0x6b000 0x1 C:\WINDOWS\system32\USP10.dll
0x77160000 0x103000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5ab60000 0x9a000 0x1 C:\WINDOWS\system32\comctl32.dll
************************************************************************
userinit.exe pid: 1268
Command line : C:\WINDOWS\system32\userinit.exe
Service Pack 3
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x01000000 0x9000 0xffff C:\WINDOWS\system32\userinit.exe
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x133000 0xffff C:\WINDOWS\system32\kernel32.dll
0x77cf0000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll
0x77ed0000 0x49000 0xffff C:\WINDOWS\system32\GDI32.dll
0x77d80000 0xa9000 0xffff C:\WINDOWS\system32\ADVAPI32.dll
0x77e30000 0x92000 0xffff C:\WINDOWS\system32\RPCRT4.dll
0x77fa0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll
0x765c0000 0x94000 0xffff C:\WINDOWS\system32\CRYPT32.dll
0x77c40000 0x12000 0xffff C:\WINDOWS\system32\MSASN1.dll
0x77bc0000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll
0x72f50000 0x26000 0xffff C:\WINDOWS\system32\WINSPOOL.DRV
0x59250000 0x55000 0xffff C:\WINDOWS\system32\NETAPI32.dll
0x76f10000 0x2c000 0xffff C:\WINDOWS\system32\WLDAP32.dll
0x5a620000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll
0x567f0000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76af0000 0x2b000 0x2 C:\WINDOWS\system32\WINMM.dll
0x76970000 0x13d000 0x2 C:\WINDOWS\system32\ole32.dll
0x770d0000 0x8b000 0x1 C:\WINDOWS\system32\OLEAUT32.dll
0x77b90000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll
0x77bb0000 0x8000 0x2 C:\WINDOWS\system32\VERSION.dll
0x7d5b0000 0x800000 0x1 C:\WINDOWS\system32\SHELL32.dll
0x77f20000 0x76000 0x3 C:\WINDOWS\system32\SHLWAPI.dll
0x7e8c0000 0xb1000 0x1 C:\WINDOWS\system32\USERENV.dll
0x58730000 0x38000 0x3 C:\WINDOWS\system32\UxTheme.dll
0x762e0000 0x1d000 0x3 C:\WINDOWS\system32\IMM32.DLL
0x60740000 0x9000 0x1 C:\WINDOWS\system32\LPK.DLL
0x73f80000 0x6b000 0x1 C:\WINDOWS\system32\USP10.dll
0x77160000 0x103000 0x1 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5ab60000 0x9a000 0x1 C:\WINDOWS\system32\comctl32.dll
0x76d90000 0x22000 0x1 C:\WINDOWS\system32\Apphelp.dll
************************************************************************
explorer.exe pid: 1284
Command line : C:\WINDOWS\Explorer.EXE
Service Pack 3
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x01000000 0xfd000 0xffff C:\WINDOWS\Explorer.EXE
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x133000 0xffff C:\WINDOWS\system32\kernel32.dll
0x77d80000 0xa9000 0xffff C:\WINDOWS\system32\ADVAPI32.dll
0x77e30000 0x92000 0xffff C:\WINDOWS\system32\RPCRT4.dll
0x77fa0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll
0x75ed0000 0xfd000 0xffff C:\WINDOWS\system32\BROWSEUI.dll
0x77ed0000 0x49000 0xffff C:\WINDOWS\system32\GDI32.dll
0x77cf0000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll
0x77bc0000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll
0x76970000 0x13d000 0xffff C:\WINDOWS\system32\ole32.dll
0x77f20000 0x76000 0xffff C:\WINDOWS\system32\SHLWAPI.dll
0x770d0000 0x8b000 0xffff C:\WINDOWS\system32\OLEAUT32.dll
0x7e740000 0x171000 0xffff C:\WINDOWS\system32\SHDOCVW.dll
0x765c0000 0x94000 0xffff C:\WINDOWS\system32\CRYPT32.dll
0x77c40000 0x12000 0xffff C:\WINDOWS\system32\MSASN1.dll
0x75410000 0x75000 0xffff C:\WINDOWS\system32\CRYPTUI.dll
0x59250000 0x55000 0xffff C:\WINDOWS\system32\NETAPI32.dll
0x77bb0000 0x8000 0xffff C:\WINDOWS\system32\VERSION.dll
0x63000000 0xe6000 0xffff C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 0xffff C:\WINDOWS\system32\Normaliz.dll
0x1a400000 0x132000 0xffff C:\WINDOWS\system32\urlmon.dll
0x5dca0000 0x1e8000 0xffff C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 0xffff C:\WINDOWS\system32\WINTRUST.dll
0x76c40000 0x28000 0xffff C:\WINDOWS\system32\IMAGEHLP.dll
0x76f10000 0x2c000 0xffff C:\WINDOWS\system32\WLDAP32.dll
0x7d5b0000 0x800000 0xffff C:\WINDOWS\system32\SHELL32.dll
0x58730000 0x38000 0xffff C:\WINDOWS\system32\UxTheme.dll
0x5a620000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll
0x567f0000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76af0000 0x2b000 0x3 C:\WINDOWS\system32\WINMM.dll
0x77b90000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll
0x7e8c0000 0xb1000 0x4 C:\WINDOWS\system32\USERENV.dll
0x762e0000 0x1d000 0x6 C:\WINDOWS\system32\IMM32.DLL
0x60740000 0x9000 0x1 C:\WINDOWS\system32\LPK.DLL
0x73f80000 0x6b000 0x1 C:\WINDOWS\system32\USP10.dll
0x77160000 0x103000 0x15 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5ab60000 0x9a000 0x3 C:\WINDOWS\system32\comctl32.dll
0x73620000 0x2e000 0x1 C:\WINDOWS\system32\msctfime.ime
0x4edc0000 0x56000 0x1 C:\WINDOWS\system32\imjp81.ime
0x648f0000 0xd0000 0x2 C:\WINDOWS\system32\imjp81k.dll
0x76d90000 0x22000 0x2 C:\WINDOWS\system32\appHelp.dll
0x76f80000 0x7f000 0x2 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xab000 0x2 C:\WINDOWS\system32\COMRes.dll
0x76570000 0x50000 0x2 C:\WINDOWS\System32\cscui.dll
0x76550000 0x1c000 0x2 C:\WINDOWS\System32\CSCDLL.dll
0x59020000 0x6f000 0x1 C:\WINDOWS\System32\themeui.dll
0x762d0000 0x5000 0x1 C:\WINDOWS\System32\MSIMG32.dll
0x01100000 0x560000 0x1 C:\WINDOWS\system32\xpsp2res.dll
0x3b100000 0x1b000 0x1 C:\WINDOWS\IME\IMJP8_1\Dicts\IMJPCD.DIC
0x71c90000 0x1b000 0x1 C:\WINDOWS\system32\actxprxy.dll
0x5d960000 0x33000 0x1 C:\WINDOWS\System32\msutb.dll
0x74660000 0x4c000 0x4 C:\WINDOWS\System32\MSCTF.dll
0x71b40000 0x13000 0x1 C:\WINDOWS\system32\SAMLIB.dll
0x76040000 0x159000 0x6 C:\WINDOWS\system32\SETUPAPI.dll
0x76940000 0x24000 0x1 C:\WINDOWS\system32\ntshrui.dll
0x76ad0000 0x11000 0x2 C:\WINDOWS\system32\ATL.DLL
0x040f0000 0xa91000 0x2 C:\WINDOWS\system32\ieframe.dll
0x7e1e0000 0x19c000 0x1 C:\WINDOWS\system32\NETSHELL.dll
0x76bb0000 0x2e000 0x1 C:\WINDOWS\system32\credui.dll
0x42e00000 0xa000 0x2 C:\WINDOWS\system32\dot3api.dll
0x76e30000 0xe000 0x4 C:\WINDOWS\system32\rtutils.dll
0x7d1d0000 0x6000 0x1 C:\WINDOWS\system32\dot3dlg.dll
0x4d550000 0x28000 0x1 C:\WINDOWS\system32\OneX.DLL
0x76f00000 0x8000 0x3 C:\WINDOWS\system32\WTSAPI32.dll
0x762b0000 0x10000 0x4 C:\WINDOWS\system32\WINSTA.dll
0x4a830000 0x22000 0x1 C:\WINDOWS\system32\eappcfg.dll
0x75fd0000 0x65000 0x2 C:\WINDOWS\system32\MSVCP60.dll
0x46110000 0xe000 0x1 C:\WINDOWS\system32\eappprxy.dll
0x76d10000 0x19000 0x1 C:\WINDOWS\system32\iphlpapi.dll
0x719e0000 0x17000 0x2 C:\WINDOWS\system32\WS2_32.dll
0x719d0000 0x8000 0x1 C:\WINDOWS\system32\WS2HELP.dll
0x052a0000 0x3d000 0x1 C:\WINDOWS\system32\webcheck.dll
0x74cd0000 0x91000 0x1 C:\WINDOWS\system32\MLANG.dll
0x75aa0000 0x20000 0x2 C:\WINDOWS\System32\stobject.dll
0x74a30000 0xa000 0x2 C:\WINDOWS\System32\BatMeter.dll
0x74a10000 0x8000 0x4 C:\WINDOWS\System32\POWRPROF.dll
************************************************************************
ctfmon.exe pid: 1412
Command line : "C:\WINDOWS\system32\ctfmon.exe"
Service Pack 3
Base Size LoadCount LoadTime Path
---------- ---------- ---------- ------------------------------ ----
0x00400000 0x6000 0xffff C:\WINDOWS\system32\ctfmon.exe
0x7c940000 0x9c000 0xffff C:\WINDOWS\system32\ntdll.dll
0x7c800000 0x133000 0xffff C:\WINDOWS\system32\kernel32.dll
0x77bc0000 0x58000 0xffff C:\WINDOWS\system32\msvcrt.dll
0x77d80000 0xa9000 0xffff C:\WINDOWS\system32\ADVAPI32.dll
0x77e30000 0x92000 0xffff C:\WINDOWS\system32\RPCRT4.dll
0x77fa0000 0x11000 0xffff C:\WINDOWS\system32\Secur32.dll
0x77cf0000 0x90000 0xffff C:\WINDOWS\system32\USER32.dll
0x77ed0000 0x49000 0xffff C:\WINDOWS\system32\GDI32.dll
0x74660000 0x4c000 0xffff C:\WINDOWS\system32\MSCTF.dll
0x5d960000 0x33000 0xffff C:\WINDOWS\system32\MSUTB.dll
0x5a620000 0x26000 0x1 C:\WINDOWS\system32\ShimEng.dll
0x567f0000 0x1ca000 0x1 C:\WINDOWS\AppPatch\AcGenral.DLL
0x76af0000 0x2b000 0x2 C:\WINDOWS\system32\WINMM.dll
0x76970000 0x13d000 0x4 C:\WINDOWS\system32\ole32.dll
0x770d0000 0x8b000 0x1 C:\WINDOWS\system32\OLEAUT32.dll
0x77b90000 0x15000 0x1 C:\WINDOWS\system32\MSACM32.dll
0x77bb0000 0x8000 0x1 C:\WINDOWS\system32\VERSION.dll
0x7d5b0000 0x800000 0x2 C:\WINDOWS\system32\SHELL32.dll
0x77f20000 0x76000 0x6 C:\WINDOWS\system32\SHLWAPI.dll
0x7e8c0000 0xb1000 0x1 C:\WINDOWS\system32\USERENV.dll
0x58730000 0x38000 0x5 C:\WINDOWS\system32\UxTheme.dll
0x762e0000 0x1d000 0x6 C:\WINDOWS\system32\IMM32.DLL
0x60740000 0x9000 0x1 C:\WINDOWS\system32\LPK.DLL
0x73f80000 0x6b000 0x1 C:\WINDOWS\system32\USP10.dll
0x77160000 0x103000 0x3 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x73620000 0x2e000 0x1 C:\WINDOWS\system32\msctfime.ime
0x4edc0000 0x56000 0x1 C:\WINDOWS\system32\imjp81.ime
0x648f0000 0xd0000 0x2 C:\WINDOWS\system32\imjp81k.dll
That's all.